| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Disable executing external commands from psql? |
| Date: | 2010-06-01 23:55:31 |
| Message-ID: | 11514.1275436531@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> writes:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether it is possible or not, just that it's a
> bad or useless idea.
Yes, it seems pretty useless.
> It may or may not be a bad idea (e.g., carry some risk). My scenario is
> that I'd like to give people that I don't necessarily know (or therefore
> trust) the ability to run psql for a database I've already set up for
> them. I set their login shell to psql, so they can simply ssh in, and
> they are in psql. From there, though, they can do a simple \!
> /bin/bash, and they've got way more access than I want them to.
> So is there any way to disable the "\!" stuff? If there's a better way
> to go about this, I suppose I'm all ears too!
The better way to go about that is to not let them have an account on
the server machine in the first place. Just expose the postmaster port
(perhaps via ssh tunneling) and let them run psql on their own machines.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2010-06-01 23:57:39 | Re: Disable executing external commands from psql? |
| Previous Message | Ken Tanzer | 2010-06-01 23:45:52 | Disable executing external commands from psql? |